https://github.com/osquery/osquery logo
Join Slack
Powered by
may i know is there anyway i can avoid fleet fetch...
# general
w
may i know is there anyway i can avoid fleet fetching this to present as value of osquery?
s
It looks like you are building custom packages..you can customize that by setting the 
OSQUERY_VERSION
env variable when building it locally as described here https://osquery.readthedocs.io/en/latest/development/building/#identifying-the-osquery-version
s
I’m not sure about that but you can choose the version that osquery has to use when you build it, if you want to do a custom build. In that thread Kathy has pointed you to the CMake option that can be overridden while configuring (OSQUERY_VERSION). So when you do 
cmake […]
add 
-DOSQUERY_VERSION="<your version>"
ah 😄
w
but the weird thing is this is the pkg i built by debian flow, and you can see the package info. FVFHP07CQ05Q:Downloads bytedance$ dpkg --info osquery_5.4.0_amd64.deb new Debian package, version 2.0. size 12923020 bytes: control archive=6988 bytes. 43 bytes, 2 lines conffiles 221 bytes, 10 lines control 19298 bytes, 241 lines md5sums 583 bytes, 23 lines * postinst #!/bin/sh Package: osquery Version: 5.4.0 Architecture: amd64 Maintainer: wennan.he Installed-Size: 51166 Depends: sudo, wget Section: admin Priority: extra Homepage:XXX Description: osquery agent you can see the version is 5.4.0. but the present one is another val in fleet.
s
Yeah I think the wiki has to be updated, there are 2 versions involved, one is for the binary itself and it’s hardcoded into it. That one is provided via cmake and can be seen either via 
osqueryd --version
or querying the 
osquery_info
table
Then you have the version the package, which is passed via 
OSQUERY_PACKAGE_VERSION
as a cmake flag too but when building the 
osquery-packaging
repo
I’m not too sure why we have 
OSQUERY_VERSION
as an env var
because it’s not read from there
ah, sorry, it’s that one has to read the whole process; the env var is just there so that later you can do:
Copy code
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \
  -DCPACK_GENERATOR=DEB \
  -DOSQUERY_PACKAGE_VERSION=${OSQUERY_VERSION} \
  -DOSQUERY_DATA_PATH=${DESTDIR} \
  -DOSQUERY_SOURCE_DIRECTORY_LIST="osquery-src-path;osquery-build-path" \
  ../osquery-packaging
but otherwise everything is given via CMake options
w
so you mean if i run cmake -DOSQUERY_PACKAGE_VERSION=${OSQUERY_VERSION} is also working? and i will see OSQUERY_VERSION i setup in fleet page?
s
That is for the package version itself, Fleet will ignore that because at that point osquery is already installed. What Fleet is picking up is the version hardcoded in the osquery binary, that has to be passed via 
OSQUERY_VERSION
but as a CMake flag in the osquery binary configuration process and build
w
OK, thank you for explain, and is there any way i can setup that osquery_version?
s
Yes, as I was mentioning here https://osquery.slack.com/archives/C08V7KTJB/p1666896117837239?thread_ts=1666895723.863199&amp;cid=C08V7KTJB you have to pass that as a CMake flag when you are configuring and building osquery
w
ok gotta, thx.
i tried but right now the val os osquery of my new built package is still 5.4.0-dirty, looks like "-dirty" means there is commit checked in after last commit of my tag, even i tried to move the tag to cover all my commits, it still doesn't work. any suggestion?
message has been deleted
s
How have you provided the version to the build?
Because if you use the cmake flag 
OSQUERY_VERSION
, then that will override the version with what you’ve passed, so unless somehow you passed that 
-dirty
after the version number, it means to me that you haven’t used 
OSQUERY_VERSION
? If you don’t pass it, then 
git describe --tags --always --dirty
is what gets used internally. You might want to check again Kathy answer https://osquery.slack.com/archives/C01DXJL16D8/p1666895235514769?thread_ts=1666829283.151999&amp;cid=C01DXJL16D8
Dirty doesn’t mean that you have a commit after the tag, but that you have changes not staged for commit in your working dir
So file changes that have not been committed. You might want to check your source folder with 
git status
w
you have changes not staged for commit in your working dir what does it mean?
i really have some commits
this is my git log
you can see my commit after the last commit of 5.4.0
s
That’s not how it works. The tag is on the top commit (the last), so 
git describe […]
it’s correctly taking 5.4.0; but you don’t have to look there. You have to look at 
git status
. When you make a change to a file and not do 
git add
to it or fully commit it, that in git parlance is a 
change not staged for commit
, or another way to say it is that you have your working tree dirty/not clean
That again means that what you’re building is not actually the state the code would have if you cloned the source code at your tag; there’s some other modification in your source folder which is not tracked
w
i don't add any change when building osquery but i would generate some temp folders to store all the generated files by build itself. So you mean that is the not staged change?
s
Have you checked what 
git status
gives?
w
i will check it
thx 4 explain.
by the official doc, i will create a folder of build to store these tmp files, would this cause that suffix of dirty?
s
build
directory will not cause an issue because that's part of 
.gitignore
so it gets ignored
w
And could anyone help to explain where did the middle part of the name come from?
s
do you mean the 
gcede[..]
part? that always comes from 
git describe --always --tags --dirty
, but more specifically is the short form of the SHA of the commit the binary has been built from
you can also obtain it with 
git rev-parse --short HEAD
And it shows because you’re not on a tag
w
thx, i am trying to figure out that how to make it align with pervious name like 5.4.0
3 Views
Open in Slack
PreviousNext
Powered by